Date: Thu, 16 Aug 2001 14:27:57 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Simon Williams <freebsd-questions@FreeBSD.ORG>
Subject: Re: LINT & IPFIREWALL options
Message-ID: <20010816142757.B79242@xor.obsecurity.org>
In-Reply-To: <Y+VMc+TyMDf7Ewcq@sis-domain.demon.co.uk>; from freebsd@sis-domain.demon.co.uk on Thu, Aug 16, 2001 at 09:55:14PM +0100
References: <Y+VMc+TyMDf7Ewcq@sis-domain.demon.co.uk>

On Thu, Aug 16, 2001 at 09:55:14PM +0100, Simon Williams wrote:

> Now when I booted this kernel, it recognised the network card, but a
> ping returned "No route to host."

Because you haven't installed firewall rules, and the default behaviour (with the options you included above) is to deny all traffic. If you want to accept all traffic by default (less secure, because packets will make it through your firewall at boot time before the firewall rules are loaded), there's another kernel option to enable that behaviour.

> From reading some past posts from this list, I saw that IPFilter is
> another (old?) firewall application. Does this mean those lines are for
> ipfilter instead of ipfw?

No, they're for ipfw. ipfilter isn't out of date -- it's just an alternative packet filter package which has a slightly different feature set.

> Now that I have a working kernel & firewall, I just wanted to know why
> LINT shows firewall options that aren't in GENERIC, yet firewalling
> still works?

Because LINT contains more options than GENERIC by definition. GENERIC is a kernel which "should be okay for most people", but LINT lists all possible options.

> Also, this box will be doing firewalling/bandwidth
> limiting/routeing (for an IP block) in about a week's time; is there
> anything I need to do to the kernel to support that or is it just ipfw
> commands from here?

Well, you'll need DUMMYNET for bandwidth limiting. It's all described in the ipfw manpage.

Kris
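
The following is an added example, not part of the original message: a small check that reads a kernel config file and reports which ipfw default policy it implies and whether DUMMYNET is compiled in. The function names and the sample config are constructed for illustration; the message does not name the accept-by-default option, and IPFIREWALL_DEFAULT_TO_ACCEPT is used here as the FreeBSD option for that behaviour.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# has_option FILE NAME: succeed if FILE has an uncommented "options NAME[=value]" line.
has_option() {
    sed 's/#.*//' "$1" | awk -v want="$2" '
        $1 == "options" { split($2, kv, "="); if (kv[1] == want) found = 1 }
        END { exit !found }'
}

# ipfw_default_policy FILE: print the policy in force before any rules are loaded.
ipfw_default_policy() {
    if ! has_option "$1" IPFIREWALL; then
        echo not-built-in        # ipfw is not compiled into this kernel
    elif has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo accept              # traffic passes during boot, before rules load
    else
        echo deny                # nothing passes until rules are installed
    fi
}

# bandwidth_limiting_ready FILE: ipfw pipes need both IPFIREWALL and DUMMYNET.
bandwidth_limiting_ready() {
    has_option "$1" IPFIREWALL && has_option "$1" DUMMYNET
}

# Constructed sample config; the commented-out line must not count.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
machine   i386
ident     FWBOX
options   IPFIREWALL                    #firewall
options   IPFIREWALL_VERBOSE            #log matched packets
options   IPFIREWALL_VERBOSE_LIMIT=100
#options  IPFIREWALL_DEFAULT_TO_ACCEPT
EOF

echo "default policy: $(ipfw_default_policy "$cfg")"
if bandwidth_limiting_ready "$cfg"; then
    echo "DUMMYNET: present"
else
    echo "DUMMYNET: missing, add 'options DUMMYNET' for bandwidth limiting"
fi
rm -f "$cfg"
```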